CLAIMS

What is claimed is:

1. A method for cross directory authentication in a Public Key
Infrastructure (PKI) comprising: 

configuring a first directory to query a second directory when receiving 
queries regarding signature certificates from a second enterprise PKI, the first 
directory being part of a first enterprise PKI, the second directory being part of the 
second enterprise PKI; 

attempting access to a server by a user, the server being part of the 
first enterprise PKI, the user presenting a signature certificate from the second 
enterprise PKI to the server for authentication; 

sending a query to the first directory from the server to determine if 
the user is allowed access to the server; 

sending a query to the second directory from the first directory to 
determine if the user is a member of the second enterprise PKI; and 

signaling the server by the first directory that the user is allowed 
access to the server if the user is a member of the second enterprise PKI. 

2. The method according to claim 1, further comprising configuring the 
first directory by a network administrator. 

3. The method according to claim 1, further comprising configuring the
server with information regarding users with signature certificates from the second 
enterprise PKI that are allowed access to the server. 

4. The method according to claim 1, further comprising configuring the 
first directory with information regarding users with signature certificates from the 
second enterprise PKI that are allowed access to the server. 

5. The method according to claim 4, further comprising configuring the 
server by a network administrator. 

6. A system for cross directory authentication in a Public Key 
Infrastructure (PKI) comprising: 

at least one server, the at least one server being part of a first 
enterprise PKI; 

at least one client platform, the at least one client platform usable by 
at least one user to request access to the at least one server; 

a second directory, the second directory containing information on at 
least one user with a signature certificate for a second enterprise PKI, the second 
directory being part of the second enterprise PKI; and 

a first directory, the first directory sending a query to the second 
directory when receiving a query from at least one server regarding a signature 
certificate for the second enterprise PKI received at the at least one server from at 
least one user for authentication, the query from the at least one server sent to the 
first directory to determine if the at least one user is allowed access to the at least 
one server, the first directory being part of the first enterprise PKI, the query sent to 
the second directory from the first directory being sent to determine if the at least
one user is a member of the second enterprise PKI, the first directory signaling the 
at least one server that the at least one user is allowed access to the at least one 
server if the user is a member of the second enterprise PKI. 

7. The system according to claim 6, wherein the first directory comprises 
a database. 

8. The system according to claim 6, wherein the second directory 
comprises a database. 

9. The system according to claim 6, wherein the at least one server, the 
at least one client platform, and the first directory are operably connected via a 
network. 

10. An article comprising a storage medium having instructions stored 
therein, the instructions when executed causing a processing device to perform: 

receiving configuration information that causes the processing device 
to send a query to a directory when receiving queries regarding signature 
certificates for a second enterprise PKI, the processing device being part of a first 
enterprise PKI, the directory being part of the second enterprise PKI; 

receiving a query from a server requesting if a user is allowed access 
to the server, the server being part of the first enterprise PKI; 

sending a query to the directory to determine if the user is a member 
of the second enterprise PKI; and 

signaling the server that the user is allowed access to the server if the 
user is a member of the second enterprise PKI. 